Nostr notes by zCat

⚡ Tails 7.1 released - it changes the home page of Tor Browser ...

2025-10-15T22:07:06Z

⚡ Tails 7.1 released - it changes the home page of Tor Browser to an offline page and explains better how to set an administration password. #privacy

source:
https://tails.net/news/version_7.1/

Coinbase should invest into infrastructure and people (to not ...

2025-10-10T22:10:00Z

Coinbase should invest into infrastructure and people (to not sell customer's personal data) rather then military parades. It is down... as usual 🤷‍♂️

So, they got some underpaid dude with 500$ lure and then couple ...

2025-10-09T23:26:45Z

So, they got some underpaid dude with 500$ lure and then couple of 1000$. These companies deserve public shame 🤦‍♂️

quoting
nevent1q…efhg
🚨 Discord hack

- Name, Discord username, email and other contact details if provided to Discord customer support
- Limited billing information such as payment type, the last four digits of your credit card, and purchase history if associated with your account
- IP addresses
- Messages with our customer service agents
Limited corporate data (training materials, internal presentations)

https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service

Great, but I am biased

2025-10-09T23:16:03Z

In reply to nevent1q…xm0n
_________________________

Great, but I am biased

Funny, I watched another YouTube privacy guru who was arrested in ...

2025-10-09T23:13:27Z

Funny, I watched another YouTube privacy guru who was arrested in the past for running a dark market. Probably these people should not be giving privacy advice (until you want to end like them) 😬

Jason Hassler: "17 countries have rolled out or passed ...

2025-10-05T12:16:06Z

Jason Hassler: "17 countries have rolled out or passed digital ID laws in the last 3 months:

-EU
-UK
-Laos
-China
-Taiwan
-Mexico
-Zambia
-Canada
-Ethiopia
-Thailand
-Vietnam
-Australia
-Costa Rica
-Switzerland
-Papua New Guinea

Totally just a coincidence, I'm sure." #privacy

Source: https://x.com/JasonBassler1/status/1974623479304687699

🚨 Discord hack - Name, Discord username, email and other ...

2025-10-03T23:48:02Z

🚨 Discord hack

- Name, Discord username, email and other contact details if provided to Discord customer support
- Limited billing information such as payment type, the last four digits of your credit card, and purchase history if associated with your account
- IP addresses
- Messages with our customer service agents
Limited corporate data (training materials, internal presentations)

https://discord.com/press-releases/update-on-security-incident-involving-third-party-customer-service

BTW, fuck Google, fuck Android sigh ...

2025-08-30T11:56:55Z

BTW, fuck Google, fuck Android *sigh*

Delete WhatsApp. It is spyware with security holes ...

2025-08-30T11:46:55Z

Delete WhatsApp. It is spyware with security holes

https://x.com/BleepinComputer/status/1961466788450894254

The newest version of zCat, an Android data aggregator for ...

2025-02-21T10:41:53Z

The newest version of zCat, an Android data aggregator for #Zcash, privacy & security news was released! Please update your app to v0.1.6!

Available in multiple languages: EN 🇺🇸, BR 🇧🇷, CS 🇨🇿, DE 🇩🇪, ES 🇪🇸, FR 🇫🇷 & RU 🇷🇺

https://play.google.com/store/apps/details?id=crypto.crab.app.zcat

It is only small patch release with smaller changes and bug fixes (and more languages). More info in the post on Free2Z:

https://free2z.cash/zCat/zpage/zcat-the-newest-version-v016-was-released

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — ...

2025-02-20T07:45:27Z

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

"Successful MitM exploitation could permit malicious actors to compromise and hijack SSH sessions, and gain unauthorized access to sensitive data."

"DoS attack can result in availability issues, preventing administrators from managing servers and locking legitimate users out, effectively crippling routine operations."

See more: https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html

#security #ssh #mitm

Hackers Exploit Signal's Linked Devices Feature to Hijack ...

2025-02-20T07:22:19Z

Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes

"In the attacks spotted by the Google Threat Intelligence Group, the threat actors, including one it's tracking as UNC5792, have resorted to malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance.

As a result, future messages get delivered synchronously to both the victim and the threat actor in real-time, thereby granting threat actors a persistent way to eavesdrop on the victim's conversations. Google said UAC-0195 partially overlaps with a hacking group known as UAC-0195."

See more:
https://thehackernews.com/2025/02/hackers-exploit-signals-linked-devices.html

#security #privacy #signal

Qubes OS 4.2.4 has been released! What is new: - All security ...

2025-02-18T11:18:58Z

Qubes OS 4.2.4 has been released!

What is new:
- All security updates to date
- All bug fixes to date
- Included Fedora template upgraded from Fedora 40 to 41

#privacy #security

More info:
https://www.qubes-os.org/news/2025/02/18/qubes-os-4-2-4-has-been-released/

🦓 The #Zcash Foundation has announced a release of Zebra ...

2025-02-08T10:37:37Z

🦓 The #Zcash Foundation has announced a release of Zebra 2.2.0.

This release introduces an additional consensus check on the branch ID of NU6 transactions, along with some important refactors and other improvements.

See more: https://zfnd.org/zebra-2-2-0-release/

💻 Tails has released a security patch with Tails 6.12. These ...

2025-02-08T10:31:55Z

💻 Tails has released a security patch with Tails 6.12.

These vulnerabilities can only be exploited by a powerful attacker who has already exploited another vulnerability to take control of an application in Tails.

See more: https://blog.torproject.org/new-release-tails-6-12/

🇨🇿 The president of Czech Republic signed a new set of ...

2025-02-07T08:54:45Z

🇨🇿 The president of Czech Republic signed a new set of rules for cryptocurrencies.

Tl;Dr: Steps to integrate MiCA and no capital gains tax after 3 years of holding.

Source (in Czech):
https://www.seznamzpravy.cz/clanek/ekonomika-finance-byznys-meny-kryptomeny-prezident-pavel-podepsal-zakon-zavadejici-pravidla-pro-trh-s-kryptomenami-269565

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, ...

2024-12-11T07:23:04Z

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws, Adobe Patches Over 160 Vulnerabilities Across 16 Products.

Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability.

This Patch Tuesday fixed sixteen critical vulnerabilities, all of which are remote code execution flaws.

This month's Patch Tuesday fixes one actively exploited, publicly disclosed zero-day vulnerability CVE-2024-49138 - Windows Common Log File System Driver Elevation of Privilege Vulnerability.

See more:
BleepingComputer :
https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2024-patch-tuesday-fixes-1-exploited-zero-day-71-flaws/

SecurityWeek:
https://www.securityweek.com/microsoft-ships-urgent-patch-for-exploited-windows-clfs-zero-day/

Security week (Adobe): https://www.securityweek.com/adobe-patches-over-160-vulnerabilities-across-16-products/

#cybersecurity #microsoft #zeroday #patch

Exploits and vulnerabilities in Q3 2024 Q3 2024 saw multiple ...

2024-12-08T07:25:21Z

Exploits and vulnerabilities in Q3 2024

Q3 2024 saw multiple vulnerabilities discovered in Windows and Linux subsystems that are not standard for cyberattacks. This is because operating system developers have been releasing new security mitigations for whole sets of vulnerabilities in commonly used subsystems.

For example, a log integrity check is set to appear in the Common Log Filing System (CLFS) in Windows, so the number of exploits for it will drop. As for Linux, this operating system has the Linux Kernel Runtime Guard (LKRG), implemented as a separate kernel module.

Although the first version of LKRG was released back in 2018, it is undergoing constant refinement. And it is becoming more actively used in various Linux builds.

See more: https://securelist.com/exploits-and-vulnerabilities-q3-2024/114839/

#cybersecurity #exploits #vulnerabilities

SecurityWeek sums up the last week news: ENISA and NCSC release ...

2024-12-08T07:16:14Z

SecurityWeek sums up the last week news:

ENISA and NCSC release cybersecurity reports, abuse of Cloudflare services, FBI warns of gen-AI enabling fraud.

See more: https://www.securityweek.com/in-other-news-cloudflare-abuse-uk-and-eu-cybersecurity-reports-fbi-gen-ai-alert/

#cybersecurity

New Windows zero-day exposes NTLM credentials, gets unofficial ...

2024-12-08T07:04:41Z

New Windows zero-day exposes NTLM credentials, gets unofficial patch

A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer.

The flaw was discovered by the 0patch team, a platform that provides unofficial support for end-of-life Windows versions, and was reported to Microsoft. However, no official fix has been released yet.

According to 0patch, the issue, which currently has no CVE ID, impacts all Windows versions from Windows 7 and Server 2008 R2 up to the latest Windows 11 24H2 and Server 2022.

See more: https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch/

#cybersecurity #windows #patch

Researchers Uncover Flaws in Popular Open-Source Machine Learning ...

2024-12-08T07:03:04Z

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution.

The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month.

Unlike the first set that involved flaws on the server-side, the newly detailed ones allow exploitation of ML clients and reside in libraries that handle safe model formats like Safetensors.

"Hijacking an ML client in an organization can allow the attackers to perform extensive lateral movement within the organization," the company said. "An ML client is very likely to have access to important ML services such as ML Model Registries or MLOps Pipelines."

See more: https://thehackernews.com/2024/12/researchers-uncover-flaws-in-popular.html

#cybersecurity #machinelearning #malware

Crypto-stealing malware posing as a meeting app targets Web3 pros ...

2024-12-08T06:58:36Z

Crypto-stealing malware posing as a meeting app targets Web3 pros

Cybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows and Macs with crypto-stealing malware.

The campaign is dubbed "Meeten" after the name commonly used by the meeting software and has been underway since September 2024.

The malware, which has both a Windows and a macOS version, targets victims' cryptocurrency assets, banking information, information stored on web browsers, and Keychain credentials (on Mac).

See more: https://www.bleepingcomputer.com/news/security/crypto-stealing-malware-posing-as-a-meeting-app-targets-web3-pros/

#cybersecurity #cryptocurrency #malware

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide ...

2024-12-08T06:56:03Z

Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop.

The activity is part of an ongoing spear-phishing campaign targeting Ukrainian entities since at least early 2024 that's designed to drop the Visual Basic Script malware, Recorded Future's Insikt Group said in a new analysis.

The cybersecurity company is tracking the threat actor under the name BlueAlpha, which is also known as Aqua Blizzard, Armageddon, Hive0051, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, UAC-0010, UNC530, and Winterflounder. The group, believed to be active since 2014, is affiliated with Russia's Federal Security Service (FSB).

The tools are chiefly engineered to steal valuable data from web applications running inside internet browsers, email clients, and instant messaging applications such as Signal and Telegram, as well as download additional payloads and propagate the malware via connected USB drives.

See more: https://thehackernews.com/2024/12/hackers-leveraging-cloudflare-tunnels.html

#cybersecurity #cloudflare #malware

Critical Vulnerability Discovered in SailPoint IdentityIQ ...

2024-12-06T07:26:28Z

Critical Vulnerability Discovered in SailPoint IdentityIQ

SailPoint this week warned that a critical-severity vulnerability in the identity and access management (IAM) platform IdentityIQ could allow attackers to access restricted files.

SailPoint’s IdentityIQ IAM platform provides full lifecycle and compliance management capabilities covering provisioning, access requests, certifications, and segregation of duties.

The critical issue, tracked as CVE-2024-10905, has a CVSS score of 10/10 and is described as an improper access control flaw. The bug is, essentially, a directory traversal flaw that affects all IdentityIQ versions up to patch levels 8.4p2, 8.3p5, and 8.2p8.

See more: https://www.securityweek.com/critical-vulnerability-discovered-in-sailpoint-identityiq/

#cybersecurity #identityiq

U.S. org suffered four month intrusion by Chinese hackers A large ...

2024-12-06T07:24:31Z

U.S. org suffered four month intrusion by Chinese hackers

A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024.

According to Symantec’s threat researchers, the operation appeared to focus on intelligence gathering, involving multiple compromised machines and targeting Exchange Servers, likely for email and data exfiltration.

The researchers did not explicitly name the breached U.S. organization but mentioned that the same entity was targeted by the China-based ‘Daggerfly’ threat group in 2023.

See more
BleepingComputer:
https://www.bleepingcomputer.com/news/security/us-org-suffered-four-month-intrusion-by-chinese-hackers/

The Hackers News:
https://thehackernews.com/2024/12/researchers-uncover-4-month-cyberattack.html

#cybersecurity #cyberattack #breach

Mitel MiCollab zero-day flaw gets proof-of-concept exploit ...

2024-12-06T07:13:23Z

Mitel MiCollab zero-day flaw gets proof-of-concept exploit

Researchers have uncovered an arbitrary file read zero-day in the Mitel MiCollab collaboration platform, allowing attackers to access files on a server's filesystem.

Mitel MiCollab is an enterprise collaboration platform that consolidates various communication tools into a single application, offering voice and video calling, messaging, presence information, audio conferencing, mobility support, and team collaboration functionalities.

It's utilized by various organizations, including large corporations, small to medium-sized enterprises, and companies operating on a remote or hybrid workforce model.

The latest vulnerability in the product was discovered by researchers at watchTowr, who, despite having reported to the vendor since August, it remains unfixed after 90 days of being disclosed and waiting for a patch.

See more:
BleepingComputer: https://www.bleepingcomputer.com/news/security/mitel-micollab-zero-day-flaw-gets-proof-of-concept-exploit/

The Hacker News:
https://thehackernews.com/2024/12/critical-mitel-micollab-flaw-exposes.html

#cybersecurity #micollab #zeroday

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, ...

2024-12-05T07:30:51Z

CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

See more: https://thehackernews.com/2024/12/cisa-warns-of-active-exploitation-of.html

#cybersecurity #kev #cisa

quoting
nevent1q…83u9
CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks

The US cybersecurity agency CISA on Tuesday warned that a path traversal vulnerability in multiple Zyxel firewall appliances has been exploited in the wild.

The issue, tracked as CVE-2024-11667 (CVSS score of 7.5), is a high-severity flaw affecting the web management interface of Zyxel ATP, USG FLEX, and USG20(W)-VPN series devices.

Successful exploitation of the security defect could allow an attacker to download or upload files using crafted URLs, a NIST advisory reads.

“An attacker may gain unauthorized access to the system, steal credentials, and create backdoor VPN connections by exploiting the vulnerability,” Qualys warned on Tuesday.

See more: https://www.securityweek.com/cisa-warns-of-zyxel-firewall-vulnerability-exploited-in-attacks/

#cybersecurity #zyxel #exploit

Europol Dismantles Criminal Messaging Service MATRIX in Major ...

2024-12-05T07:14:37Z

Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown

Europol on Tuesday announced the takedown of an invite-only encrypted messaging service called MATRIX that's created by criminals for criminal purposes.

The joint operation, conducted by French and Dutch authorities under the moniker Passionflower, comes in the aftermath of an investigation that was launched in 2021 after the messaging service was discovered on the phone of a criminal convicted for the murder of a Dutch journalist Peter R. de Vries.

This allowed authorities to intercept messages being sent via the service for a period of three months, amassing a total of more than 2.3 million messages in 33 languages. The messages, Europol said, are associated with serious crimes such as international drug trafficking, arms trafficking, and money laundering.

It's worth noting at this stage that MATRIX is different from the open-source, decentralized messaging app of the same name ("matrix[.]org"). Also known by other names such as Mactrix, Totalsec, X-quantum, and Q-safe, it had at least 8,000 user accounts globally, who paid anywhere between $1,360 and $1,700 in cryptocurrency for a Google Pixel phone and a six-month subscription to the service installed on it.

See more: https://thehackernews.com/2024/12/europol-dismantles-criminal-messaging.html

#cybersecurity #matrix

How to Plan a New (and Improved!) Password Policy for Real-World ...

2024-12-05T07:10:53Z

How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges

Many organizations struggle with password policies that look strong on paper but fail in practice because they're too rigid to follow, too vague to enforce, or disconnected from real security needs.

Password policy must be strict enough to protect your systems, flexible enough for daily work, and precise enough to be enforced consistently. Let's explore five strategies for building a password policy that works in the real world.

1. Build compliant password practices
2. Review your existing password obligations
3. Create a policy based on real data
4. Put some muscle in your password policy
5. Create password standards that stick

See more: https://thehackernews.com/2024/12/how-to-plan-new-and-improved-password.html

#cybersecurity #password #passwordpolicy

New DroidBot Android malware targets 77 banking, crypto apps A ...

2024-12-05T07:01:28Z

New DroidBot Android malware targets 77 banking, crypto apps

A new Android banking malware named 'DroidBot' attempts to steal credentials for over 77 cryptocurrency exchanges and banking apps in the UK, Italy, France, Spain, and Portugal.

According to Cleafy researchers who discovered the new Android malware, DroidBot has been active since June 2024 and operates as a malware-as-a-service (MaaS) platform, selling the tool for $3,000/month.

At least 17 affiliate groups have been identified using malware builders to customize their payloads for specific targets.

DroidBot's developers, who appear to be Turkish, provide affiliates with all the tools required to conduct attacks. This includes the malware builder, command and control (C2) servers, and a central administration panel from which they can control their operations, retrieve stolen data, and issue commands.

See more: https://www.bleepingcomputer.com/news/security/new-droidbot-android-malware-targets-77-banking-crypto-apps/

#cybersecurity #android #malware

Android’s December 2024 Security Update Patches 14 ...

2024-12-05T06:58:33Z

Android’s December 2024 Security Update Patches 14 Vulnerabilities

Google on Tuesday announced patches for 14 high-severity vulnerabilities as part of Android’s December 2024 security update, including a remote code execution flaw in the System component.

The first part of the update, which arrives on devices as the 2024-12-01 security patch level, resolves six security defects in the Framework and System components, five of which could allow attackers to elevate privileges.

According to Google’s advisory, however, the sixth of these bugs, which is tracked as CVE-2024-43767 and impacts System, is the most severe issue, as it could lead to remote code execution (RCE) with no additional execution privileges needed.

Fixes for these defects were included in updated Android 12, 12L, 13, 14, and 15 versions and the source code for these patches has been released to the Android Open Source Project (AOSP) repository.

See more: https://www.securityweek.com/androids-december-2024-security-update-patches-14-vulnerabilities/

#cybersecurity #android

CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks ...

2024-12-05T06:56:17Z

CISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks

The US cybersecurity agency CISA on Tuesday warned that a path traversal vulnerability in multiple Zyxel firewall appliances has been exploited in the wild.

The issue, tracked as CVE-2024-11667 (CVSS score of 7.5), is a high-severity flaw affecting the web management interface of Zyxel ATP, USG FLEX, and USG20(W)-VPN series devices.

Successful exploitation of the security defect could allow an attacker to download or upload files using crafted URLs, a NIST advisory reads.

“An attacker may gain unauthorized access to the system, steal credentials, and create backdoor VPN connections by exploiting the vulnerability,” Qualys warned on Tuesday.

See more: https://www.securityweek.com/cisa-warns-of-zyxel-firewall-vulnerability-exploited-in-attacks/

#cybersecurity #zyxel #exploit

Critical SailPoint IdentityIQ Vulnerability Exposes Files to ...

2024-12-04T07:08:05Z

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory.

The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2. 8.3, 8.4, and other previous versions.

IdentityIQ "allows HTTP access to static content in the IdentityIQ application directory that should be protected," according to a description of the flaw on NIST's National Vulnerability Database (NVD).

See more: https://thehackernews.com/2024/12/critical-sailpoint-identityiq.html

#cybersecurity #identityq

With Threats to Encryption Looming, Signal’s Meredith Whittaker ...

2024-12-04T07:03:21Z

With Threats to Encryption Looming, Signal’s Meredith Whittaker Says ‘We’re Not Changing’

At WIRED’s The Big Interview event, the president of the Signal Foundation talked about secure communications as critical infrastructure and the need for a new funding paradigm for tech.

The secure messaging app Signal is famous for knowing as little about its users as possible. The app isn’t hoarding metadata, tracking you, or showing you ads—in other words, it’s not monetizing user data. Instead, the Signal Foundation is a nonprofit. Its president, Meredith Whittaker, sees a massive shift underway and an “invitation for action” as the monoliths of Big Tech lose popularity and the old economics of Silicon Valley become brittle.

See more: https://www.wired.com/story/big-interview-meredith-whittaker-signal-2024/

#signal #privacy

Veeam warns of critical RCE bug in Service Provider Console Veeam ...

2024-12-04T07:01:04Z

Veeam warns of critical RCE bug in Service Provider Console

Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.

VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.

The first security flaw fixed today (tracked as CVE-2024-42448 and rated with a 9.9/10 severity score) enables attackers to execute arbitrary code on unpatched servers from the VSPC management agent machine.

Veeam also patched a high-severity vulnerability (CVE-2024-42449) that can let attackers steal the NTLM hash of the VSPC server service account and use the gained access to delete files on the VSPC server.

See more:
BleepingComputer: https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-rce-bug-in-service-provider-console/

The Hackers News: https://thehackernews.com/2024/12/veeam-issues-patch-for-critical-rce.html

#cybersecurity #rce #veeam

Cloudflare’s developer domains increasingly abused by threat ...

2024-12-04T06:51:28Z

Cloudflare’s developer domains increasingly abused by threat actors

Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities.

According to cybersecurity firm Fortra, the abuse of these domains has risen between 100% and 250% compared to 2023.

The researchers believe the use of these domains is aimed at improving the legitimacy and effectiveness of these malicious campaigns, taking advantage of Cloudflare's trusted branding, service reliability, low usage costs, and reverse proxying options that complicate detection.

Cloudflare Pages is a platform designed for front-end developers to build, deploy, and host fast, scalable websites directly on Cloudflare's global Content Delivery Network (CDN).

See more: https://www.bleepingcomputer.com/news/security/cloudflares-developer-domains-increasingly-abused-by-threat-actors/

#cybersecurity #phishing #cloudflare

Cisco Warns of Exploitation of Decade-Old ASA WebVPN ...

2024-12-04T06:42:54Z

Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability

Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA).

The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA's WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a targeted user of the appliance.

"An attacker could exploit this vulnerability by convincing a user to access a malicious link," Cisco noted in an alert released in March 2014.

As of December 2, 2024, the networking equipment major has revised its bulletin to note that it has become aware of "additional attempted exploitation" of the vulnerability in the wild.

See more: https://thehackernews.com/2024/12/cisco-warns-of-exploitation-of-decade.html

#cybersecurity #xss #webvpn

Horns&Hooves Campaign Delivers RATs via Fake Emails and ...

2024-12-03T14:20:41Z

Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads

A newly discovered malware campaign has been found to target private users, retailers, and service businesses mainly located in Russia to deliver NetSupport RAT and BurnsRAT.

The campaign, dubbed Horns&Hooves by Kaspersky, has hit more than 1,000 victims since it began around March 2023. The end goal of these attacks is to leverage the access afforded by these trojans to install stealer malware such as Rhadamanthys and Meduza.

"Recent months have seen a surge in mailings with lookalike email attachments in the form of a ZIP archive containing JScript scripts," security researcher Artem Ushkov said in a Monday analysis. "The script files [are] disguised as requests and bids from potential customers or partners."

See more: https://thehackernews.com/2024/12/horns-campaign-delivers-rats-via-fake.html

#cybersecurity #malware

Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024 ...

2024-12-03T14:17:17Z

Hackers Stole $1.49 Billion in Cryptocurrency to Date in 2024

Nearly $1.49 billion in cryptocurrency losses have been registered to date in 2024, mainly due to hacking incidents, a new report from web3 bug bounty platform Immunefi shows.

The total year-to-date losses have dropped compared to last year, when they surpassed $1.75 billion during the period, and were mainly driven by losses of over $359 million in May and of more than $282 million in July.

In November, cryptocurrency losses surpassed $71 million, mainly due to hacks ($70,996,200), with only a small percentage lost to rug pulls ($25,300). Total losses were 79% lower compared to November 2023, when they exceeded $343 million.

See more:
https://www.securityweek.com/hackers-stole-1-49-billion-in-cryptocurrency-to-date-in-2024/

#cybersecurity #cryptocurrency #defi

Location tracking of phones is out of control. Here’s how to ...

2024-12-01T07:56:43Z

Location tracking of phones is out of control. Here’s how to fight back.

Unique IDs assigned to Android and iOS devices threaten your privacy. Who knew?

You likely have never heard of Babel Street or Location X, but chances are good that they know a lot about you and anyone else you know who keeps a phone nearby around the clock.

Reston, Virginia-located Babel Street is the little-known firm behind Location X, a service with the capability to track the locations of hundreds of millions of phone users over sustained periods of time.

See more:
https://arstechnica.com/information-technology/2024/10/phone-tracking-tool-lets-government-agencies-follow-your-every-move/

#privacy #tracking #mobile

Zello asks users to reset passwords after security incident Zello ...

2024-11-28T23:45:27Z

Zello asks users to reset passwords after security incident

Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach.

Zello is a mobile service with 140 million users that allows first responders, hospitality services, transportation, and family and friends to communicate via their mobile phones using a push-to-talk app.

Over the past two weeks, numerous people have received security notices from Zello on November 15th asking them to reset their app password.

See more: https://www.bleepingcomputer.com/news/security/zello-asks-users-to-reset-passwords-after-security-incident/

#cybersecurity #zello

U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts ...

2024-11-28T23:44:08Z

U.S. Telecom Giant T-Mobile Detects Network Intrusion Attempts from Wireline Provider

U.S. telecom service provider T-Mobile said it recently detected attempts made by bad actors to infiltrate its systems in recent weeks but noted that no sensitive data was accessed.

These intrusion attempts "originated from a wireline provider's network that was connected to ours," Jeff Simon, chief security officer at T-Mobile, said in a statement. "We see no instances of prior attempts like this."

The company further said its security defenses prevented the threat actors from disrupting its services or obtaining customer information. It has since confirmed that it cut off connectivity to the unnamed provider's network. It did not explicitly attribute the activity to any known threat actor or group, but noted that it has shared its findings with the U.S. government.

See more
The Hacker News:
https://thehackernews.com/2024/11/us-telecom-giant-t-mobile-detects.html

Bleeping Computer:
https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-t-mobiles-routers-to-scope-out-network/

SecurityWeek:
https://www.securityweek.com/t-mobile-shares-more-information-on-china-linked-cyberattack/

#cybersecurity

Police bust pirate streaming service making €250 million per ...

2024-11-28T23:30:41Z

Police bust pirate streaming service making €250 million per month

An international law enforcement operation has dismantled a pirate streaming service that served over 22 million users worldwide and made €250 million ($263M) per month.

Italy's Postal and Cybersecurity Police Service announced the action, codenamed "Taken Down," stating they worked with Eurojust, Europol, and many other European countries, making this the largest takedown of its kind in Italy and internationally.

"More than 270 Postal Police officers, in collaboration with foreign law enforcement, carried out 89 searches in 15 Italian regions and 14 additional searches in the United Kingdom, the Netherlands, Sweden, Switzerland, Romania, Croatia, and China, involving 102 individuals," reads the announcement.

See more: https://www.bleepingcomputer.com/news/technology/police-bust-pirate-streaming-service-making-250-million-per-month/

#pirate #streaming

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace ...

2024-11-28T23:26:30Z

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign

The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor.

That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024.

"In this attack, an email purporting to be from a prospective employee was sent to the organization's recruiting contact, infecting the contact with malware," the agency said.

See more: https://thehackernews.com/2024/11/apt-c-60-exploits-wps-office.html

#cybersecurity #malware

New NachoVPN attack uses rogue VPN servers to install malicious ...

2024-11-28T01:58:29Z

New NachoVPN attack uses rogue VPN servers to install malicious updates

A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them.

AmberWolf security researchers found that threat actors can trick potential targets into connecting their SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN clients to attacker-controlled VPN servers using malicious websites or documents in social engineering or phishing attacks.

Threat actors can use the rogue VPN endpoints to steal the victims' login credentials, execute arbitrary code with elevated privileges, install malicious software via updates, and launch code-signing forgery or man-in-the-middle attacks by installing malicious root certificates.

See more:
Bleeping Computer: https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/

SecurityWeek:
https://www.securityweek.com/new-vpn-attack-demonstrated-against-palo-alto-networks-sonicwall-products/

#cybersecurity

Firefox and Windows zero-days exploited by Russian RomCom hackers ...

2024-11-28T01:53:24Z

Firefox and Windows zero-days exploited by Russian RomCom hackers

Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America.

The first flaw (CVE-2024-9680) is a use-after-free bug in Firefox's animation timeline feature that allows code execution in the web browser's sandbox. Mozilla patched this vulnerability on October 9, 2024, one day after ESET reported it.

The second zero-day exploited in this campaign is a privilege escalation flaw (CVE-2024-49039) in the Windows Task Scheduler service, allowing attackers to execute code outside the Firefox sandbox. Microsoft addressed this security vulnerability earlier this month, on November 12.

RomCom abused the two vulnerabilities as a zero-day chain exploit, which helped them gain remote code execution without requiring user interaction. Their targets only had to visit an attacker-controlled and maliciously crafted website that downloaded and executed the RomCom backdoor on their system.

See more:
Bleeping Computer:
https://www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/

The Hackers News:
https://thehackernews.com/2024/11/romcom-exploits-zero-day-firefox-and.html

SecurityWeek:
https://www.securityweek.com/russian-apt-chained-firefox-and-windows-zero-days-against-us-and-european-targets/

#cybersecurity #zeroday #firefox

Researchers Discover "Bootkitty" – First UEFI Bootkit ...

2024-11-28T01:47:23Z

Researchers Discover "Bootkitty" – First UEFI Bootkit Targeting Linux Kernels

Cybersecurity researchers have shed light on what has been described as the first Unified Extensible Firmware Interface (UEFI) bootkit designed for Linux systems.

Dubbed Bootkitty by its creators who go by the name BlackCat, the bootkit is assessed to be a proof-of-concept (PoC) and there is no evidence that it has been put to use in real-world attacks. Also tracked as IranuKit, it was uploaded to the VirusTotal platform on November 5, 2024.

"The bootkit's main goal is to disable the kernel's signature verification feature and to preload two as yet unknown ELF binaries via the Linux init process (which is the first process executed by the Linux kernel during system startup)," ESET researchers Martin Smolár and Peter Strýček said.

The development is significant as it heralds a shift in the cyber threat landscape where UEFI bootkits are no longer confined to Windows systems alone.

See more
The Hackers News:
https://thehackernews.com/2024/11/researchers-discover-bootkitty-first.html

BleepingComputer:
https://www.bleepingcomputer.com/news/security/researchers-discover-bootkitty-first-uefi-bootkit-malware-for-linux/

SecurityWeek:
https://www.securityweek.com/eset-flags-prototype-uefi-bootkit-targeting-linux/

#cybersecurity #uefi #bootkit

Hackers abuse popular Godot game engine to infect thousands of ...

2024-11-28T01:41:24Z

Hackers abuse popular Godot game engine to infect thousands of PCs

Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months.

As Check Point Research found while investigating the attacks, threat actors can use this malware loader to target gamers across all major platforms, including Windows, macOS, Linux, Android, and iOS.

It's also used to leverage Godot's flexibility and its GDScript scripting language capabilities to execute arbitrary code and bypass detection systems using the game engine .pck files, which package game assets, to embed harmful scripts.

Once loaded, the maliciously crafted files trigger malicious code on the victims' devices, enabling attackers to steal credentials or download additional payloads, including the XMRig crypto miner. This miner malware's configuration was hosted on a private Pastebin file uploaded in May, which was visited 206,913 times throughout the campaign.

See more:
https://www.bleepingcomputer.com/news/security/new-godloader-malware-infects-thousands-of-gamers-using-godot-scripts/

#cybersecurity #godot #malware

IBM Patches RCE Vulnerabilities in Data Virtualization Manager, ...

2024-11-26T18:10:23Z

IBM Patches RCE Vulnerabilities in Data Virtualization Manager, Security SOAR

IBM on Monday announced patches for multiple vulnerabilities across its products, including two high-severity remote code execution (RCE) issues in Data Virtualization Manager and Security SOAR.

Tracked as CVE-2024-52899 (CVSS score of 8.5), the flaw in Data Virtualization Manager for z/OS could allow a remote, authenticated attacker to inject malicious JDBC URL parameters, which could lead to arbitrary code execution on the server.

IBM has released fix packs for Data Virtualization Manager for z/OS versions 1.1 and 1.2, and has included instructions on how to download them in its advisory.

See more:
https://www.securityweek.com/ibm-patches-rce-vulnerabilities-in-data-virtualization-manager-security-soar/

#cybersecurity #ibm #rce

VMware Patches High-Severity Vulnerabilities in Aria Operations ...

2024-11-26T18:07:59Z

VMware Patches High-Severity Vulnerabilities in Aria Operations

Virtualization software vendor VMware on Tuesday released a high-severity bulletin with patches for at least five security defects in its Aria Operations product.

The company documented five distinct vulnerabilities in the cloud IT operations platform and warned that malicious hackers can craft exploits to elevate privileges or launch cross-site scripting attacks.

See more:
https://www.securityweek.com/vmware-patches-high-severity-vulnerabilities-in-aria-operations/

#cybersecurity #vmware

Critical Vulnerabilities Found in Anti-Spam Plugin Used by ...

2024-11-26T18:01:06Z

Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites

Two critical vulnerabilities in CleanTalk’s anti-spam plugin for WordPress could allow attackers to execute arbitrary code remotely, without authentication, Defiant warns.

The issues, tracked as CVE-2024-10542 and CVE-2024-10781 (CVSS score of 9.8), affect the ‘Spam protection, Anti-Spam, FireWall by CleanTalk’ plugin, which has more than 200,000 active installations.

Both flaws could allow remote, unauthenticated attackers to install and activate arbitrary plugins, including vulnerable plugins that could be exploited for remote code execution (RCE).

See more:
Security Week:
https://www.securityweek.com/critical-vulnerabilities-found-in-anti-spam-plugin-used-by-200000-wordpress-sites/

The Hacker News:
https://thehackernews.com/2024/11/critical-wordpress-anti-spam-plugin.html

#cybersecurity #wordpress #rce

Starbucks, Grocery Stores Hit by Blue Yonder Ransomware Attack A ...

2024-11-26T10:43:07Z

Starbucks, Grocery Stores Hit by Blue Yonder Ransomware Attack

A ransomware attack on supply chain management software provider Blue Yonder has caused significant disruptions for some of the company’s customers, including several major firms.

Arizona-based Blue Yonder revealed on November 21 that its managed services hosted environment had been experiencing disruptions due to a ransomware attack.

The company immediately launched an investigation and started working on restoring impacted services. In the latest update shared on its website on November 24, Blue Yonder said it had been making steady progress, but did not have a timeline for fully restoring services.

Blue Yonder said it hired a cybersecurity firm to assist its investigation and restoration efforts, but did not share any other information on the attack itself.

See more: https://www.securityweek.com/starbucks-grocery-stores-hit-by-blue-yonder-ransomware-attack/

#cybersecurity #ransomware

CISA Urges Agencies to Patch Critical "Array Networks" ...

2024-11-26T10:40:34Z

CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.

The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), concerns a case of missing authentication that could be exploited to achieve arbitrary code execution remotely. Fixes (version 9.4.0.484) for the security shortcoming were released by the network hardware vendor in March 2023.

"Array AG/vxAG remote code execution vulnerability is a web security vulnerability that allows an attacker to browse the filesystem or execute remote code on the SSL VPN gateway using flags attribute in HTTP header without authentication," Array Networks said. "The product can be exploited through a vulnerable URL."

See more: https://thehackernews.com/2024/11/cisa-urges-agencies-to-patch-critical.html

#cybersecurity #arraynetworks

Recent Zyxel Firewall Vulnerability Exploited in Ransomware ...

2024-11-26T10:37:34Z

Recent Zyxel Firewall Vulnerability Exploited in Ransomware Attacks

Zyxel has issued a fresh warning on threat actors exploiting a recently patched command injection vulnerability in its firewalls after security firms have observed a ransomware group targeting the flaw for initial compromise.

The bug, tracked as CVE-2024-42057, could allow remote attackers to execute OS commands on vulnerable devices, without authentication.

Zyxel announced patches for this flaw and six other security defects on September 3, explaining that only devices configured in User-Based-PSK authentication mode on which a valid user with a long username exceeding 28 characters exists are affected.

Zyxel addressed these vulnerabilities with the release of firmware version 5.39 for ATP, USG FLEX, and USG FLEX 50(W)/USG20(W)-VPN series devices.

See more: https://www.securityweek.com/recent-zyxel-firewall-vulnerability-exploited-in-ransomware-attacks/

#cybersecurity #ransomware #zyxel

Salt Typhoon hackers backdoor telcos with new GhostSpider malware ...

2024-11-26T00:00:32Z

Salt Typhoon hackers backdoor telcos with new GhostSpider malware

The Chinese state-sponsored hacking group Salt Typhoon has been observed utilizing a new "GhostSpider" backdoor in attacks against telecommunication service providers.

The backdoor was discovered by Trend Micro, which has been monitoring Salt Typhoon's attacks against critical infrastructure and government organizations worldwide.

Along with GhostSpider, Trend Micro discovered that the threat group also uses a previously documented Linux backdoor named 'Masol RAT,' a rootkit named 'Demodex,' and a modular backdoor shared among Chinese APT groups named 'SnappyBee.'

See more: https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/

#cybersecurity #salttyphoon #ghostspider

quoting
nevent1q…qja4
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection.

Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications networks, the protocols that undergird telecommunications, and the various interconnections between providers.

The threat actor's malware portfolio includes bespoke tools that facilitate clandestine access, command-and-control (C2), and data exfiltration.

See more
The Hackers News: https://thehackernews.com/2024/11/china-backed-hackers-leverage-sigtran.html

Infosecurity magazine:
https://www.infosecurity-magazine.com/news/tmobile-breached-chinese/

#cybersecurity #c2 #hack #SaltTyphoon

Advanced threat predictions for 2025 Report from Kaspersky’s ...

2024-11-25T23:53:50Z

Advanced threat predictions for 2025

Report from Kaspersky’s Global Research and Analysis Team about the future threats and rebalancing last year predictions.

See more: https://securelist.com/ksb-apt-predictions-2025/114582/

#cybersecurity

QNAP addresses critical flaws across NAS, router software QNAP ...

2024-11-25T23:50:21Z

QNAP addresses critical flaws across NAS, router software

QNAP has released security bulletins over the weekend, which address multiple vulnerabilities, including three critical severity flaws that users should address as soon as possible.

See more: https://www.bleepingcomputer.com/news/security/qnap-addresses-critical-flaws-across-nas-router-software/

#cybersecurity

PyPI Python Library "aiocpa" Found Exfiltrating Crypto ...

2024-11-25T23:39:06Z

PyPI Python Library "aiocpa" Found Exfiltrating Crypto Keys via Telegram Bot

The administrators of the Python Package Index (PyPI) repository have quarantined the package "aiocpa" following a new update that included malicious code to exfiltrate private keys via Telegram.

The package in question is described as a synchronous and asynchronous Crypto Pay API client. The package, originally released in September 2024, has been downloaded 12,100 times to date.

By putting the Python library in quarantine, it prevents further installation by clients and cannot be modified by its maintainers.

Cybersecurity outfit Phylum, which shared details of the software supply chain attack last week, said the author of the package published the malicious update to PyPI, while keeping the library's GitHub repository clean in an attempt to evade detection.

See more: https://thehackernews.com/2024/11/pypi-python-library-aiocpa-found.html

#cybersecurity #supplychainattack #crypto

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to ...

2024-11-21T12:36:27Z

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection.

Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications networks, the protocols that undergird telecommunications, and the various interconnections between providers.

The threat actor's malware portfolio includes bespoke tools that facilitate clandestine access, command-and-control (C2), and data exfiltration.

See more
The Hackers News: https://thehackernews.com/2024/11/china-backed-hackers-leverage-sigtran.html

Infosecurity magazine:
https://www.infosecurity-magazine.com/news/tmobile-breached-chinese/

#cybersecurity #c2 #hack #SaltTyphoon

"Someone is attacking @nprofile…v5nr right now and has been ...

2024-11-08T14:34:40Z

"Someone is attacking The Tor Project (nprofile…v5nr) right now and has been for a few weeks.

The attacker is spoofing the IPs of Tor Exit and Directory nodes, and blasting TCP SYN packets indiscriminately on 22/TCP- spurring a large amount of abuse complaints to hosting providers, which are then temp blocking/banning Tor infrastructure which isn't actually doing anything wrong."

See more in the original Twitter post:
https://x.com/Andrew___Morris/status/1854289771197329517

#tor #privacy

qBittorrent fixes flaw exposing users to MitM attacks for 14 ...

2024-11-01T08:28:35Z

qBittorrent fixes flaw exposing users to MitM attacks for 14 years

qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app.

The flaw, introduced in a commit on April 6, 2010, was eventually fixed in the latest release, version 5.0.1, on October 28, 2024, more than 14 years later.

However, as security researcher Sharp Security highlighted in a blog post, the team fixed a notable flaw without adequately informing the users about it and without assigning a CVE to the problem.

See more: https://www.bleepingcomputer.com/news/security/qbittorrent-fixes-flaw-exposing-users-to-mitm-attacks-for-14-years/

#cybersecurity #torrent

Tails 6.9 is out! It updates Tor Browser to 14.0.1 and fixes some ...

2024-10-31T13:21:58Z

Tails 6.9 is out! It updates Tor Browser to 14.0.1 and fixes some reliability issues in automatic upgrades.

Changes and updates
- Update Tor Browser to 14.0.1.
- Update the Tor client to 0.4.8.13.
- Update Thunderbird to 115.16.0.

See more
https://tails.net/news/version_6.9/

#privacy #tails #tor

Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 ...

2024-10-31T13:14:08Z

Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer

A malvertising campaign is exploiting Meta’s platform to spread SYS01 infostealer, targeting men 45+ via fake ads for popular software. The malware steals Facebook credentials, hijacks accounts espicially those administrating business pages, and spreads further attacks globally.

See more: https://hackread.com/fake-meta-ads-hijacking-facebook-sys01-infostealer/

#cybersecurity #facebook

Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 ...

2024-10-31T13:10:59Z

Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket

Sysdig researchers trace a bizarre S3 bucket misconfiguration to EmeraldWhale, exposing 1.5 terabytes of stolen credentials and script.

See more: https://www.securityweek.com/honeypot-surprise-researchers-catch-attackers-exposing-15000-stolen-credentials-in-s3-bucket/

#cybersecurity

quoting
nevent1q…h9a7
Hackers steal 15,000 cloud credentials from exposed Git config files

A large-scale malicious operation named "EmeraldWhale" scanned for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories.

Git configuration files, such as /.git/config or .gitlab-ci[.]yml, are used to define various options like repository paths, branches, remotes, and sometimes even authentication information like API keys, access tokens, and passwords.

According to Sysdig, who discovered the campaign, the operation involves using automated tools that scan IP ranges for exposed Git configuration files, which may include authentication tokens.

These tokens are then used to download repositories stored on GitHub, GitLab, and BitBucket, which are scanned for further credentials.

See more: https://www.bleepingcomputer.com/news/security/hackers-steal-15-000-cloud-credentials-from-exposed-git-config-files/

#cybersecurity #git

Interbank confirms data breach following failed extortion, data ...

2024-10-31T13:00:10Z

Interbank confirms data breach following failed extortion, data leak

Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online.

Previously known as the International Bank of Peru (Banco Internacional del Perú), the company provides financial services to over 2 million customers.

See more: https://www.bleepingcomputer.com/news/security/interbank-confirms-data-breach-following-failed-extortion-data-leak/

#privacy #cybersecurity

FakeCall Android Trojan Evolves with New Evasion Tactics and ...

2024-10-31T12:22:01Z

FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities

The sophisticated vishing malware known as FakeCall (aka Fakecalls) has become more sophisticated. New research shows an increase in evasion and espionage capabilities for an Android malware that has been known and classified as a banking trojan largely targeting South Korea.

In addition to vishing (voice phishing), FakeCall could also capture live audio and video streams from the infected devices, allowing attackers to steal sensitive data without victim interaction.

Callie Guenther, senior manager of cyber threat research at Critical Start, told SecurityWeek, “The techniques used, such as native API utilization, advanced obfuscation, and remote surveillance, resemble TTPs seen in state-sponsored campaigns. Although not definitively attributed, these capabilities align with those observed in APT groups focused on espionage and high-value financial targeting.”

See more:
Security week:
https://www.securityweek.com/fakecall-android-trojan-evolves-with-new-evasion-tactics-and-expanded-espionage-capabilities/

Bleeping Comuper:
https://www.bleepingcomputer.com/news/security/android-malware-fakecall-now-reroutes-bank-calls-to-attackers/

#cybersecurity #vishing

Opera Browser Fixes Big Security Hole That Could Have Exposed ...

2024-10-31T12:02:44Z

Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information

A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to private APIs.

The attack, codenamed CrossBarking, could have made it possible to conduct actions such as capturing screenshots, modifying browser settings, and account hijacking, Guardio Labs said.

To demonstrate the issue, the company said it managed to publish a seemingly harmless browser extension to the Chrome Web Store that could then exploit the flaw when installed on Opera, making it an instance of a cross-browser-store attack.

The issue has been addressed by Opera as of September 24, 2024, following responsible disclosure. That said, this is not the first time security flaws have been identified in the browser.

See more: https://thehackernews.com/2024/10/opera-browser-fixes-big-security-hole.html

#cybersecurity #opera

Google and Mozilla on Tuesday announced security updates for ...

2024-10-31T11:59:16Z

Google and Mozilla on Tuesday announced security updates for their Chrome and Firefox web browsers, and some of the vulnerabilities they patch are potentially severe.

See more:
https://www.securityweek.com/google-patches-critical-chrome-vulnerability-reported-by-apple/

#cybersecurity #chrome #mozilla

Hackers steal 15,000 cloud credentials from exposed Git config ...

2024-10-31T11:55:09Z

Hackers steal 15,000 cloud credentials from exposed Git config files

A large-scale malicious operation named "EmeraldWhale" scanned for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories.

Git configuration files, such as /.git/config or .gitlab-ci[.]yml, are used to define various options like repository paths, branches, remotes, and sometimes even authentication information like API keys, access tokens, and passwords.

According to Sysdig, who discovered the campaign, the operation involves using automated tools that scan IP ranges for exposed Git configuration files, which may include authentication tokens.

These tokens are then used to download repositories stored on GitHub, GitLab, and BitBucket, which are scanned for further credentials.

See more: https://www.bleepingcomputer.com/news/security/hackers-steal-15-000-cloud-credentials-from-exposed-git-config-files/

#cybersecurity #git

LottieFiles hit in npm supply chain attack targeting users' ...

2024-10-31T11:48:43Z

LottieFiles hit in npm supply chain attack targeting users' crypto

LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied.

As discovered yesterday, following multiple user reports about strange code injections, the affected versions are Lottie Web Player (“lottie-player”) 2.0.5, 2.0.6, and 2.0.7, all published yesterday.

LottieFiles quickly released a new version, 2.0.8, which is based on the clean 2.0.4, advising users to upgrade to it as soon as possible.

See more: https://www.bleepingcomputer.com/news/security/lottiefiles-hit-in-npm-supply-chain-attack-targeting-users-crypto/

#cybersecurity #crypto

ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using ...

2024-10-30T08:06:01Z

ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis

Malicious instructions encoded in hexadecimal format could have been used to bypass ChatGPT safeguards designed to prevent misuse.

The new jailbreak was disclosed on Monday by Marco Figueroa, gen-AI bug bounty programs manager at Mozilla, through the 0Din bug bounty program.

If a user instructs the chatbot to write an exploit for a specified CVE, they are informed that the request violates usage policies. However, if the request was encoded in hexadecimal format, the guardrails were bypassed and ChatGPT not only wrote the exploit, but also attempted to execute it “against itself”, according to Figueroa.

See more
Security Week: https://www.securityweek.com/first-chatgpt-jailbreak-disclosed-via-mozillas-new-ai-bug-bounty-program/

Dark Reading: https://www.darkreading.com/application-security/chatgpt-manipulated-hex-code

#cybersecurity #ai #chatgpt #jailbreak

Italian Politicians Express Alarm at Latest Data Breach Allegedly ...

2024-10-30T07:56:33Z

Italian Politicians Express Alarm at Latest Data Breach Allegedly Affecting 800,000 Citizens

Italian politicians called Monday for better protection of citizens’ online data following a probe into a hacking scheme that allegedly breached law enforcement, tax authority and other sensitive public data.

According to prosecutors in Milan, the data of at least 800,000 Italians was compromised in breaches dating from 2022 by a private investigative agency that compiled dossiers for a fee on top Italian business and political figures. Prosecutors were still investigating which officials had been targeted.

See more: https://www.securityweek.com/italian-politicians-express-alarm-at-latest-data-breach-allegedly-affecting-800000-citizens/

#cybersecurity #privacy

Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other ...

2024-10-30T07:54:34Z

Apple Patches Over 70 Vulnerabilities Across iOS, macOS, Other Products

Apple on Monday announced fresh security updates for both iOS and macOS users, addressing over 70 CVEs across its platforms, including several bugs leading to protected file system modifications.

iOS 18.1 and iPadOS 18.1 are now rolling out to mobile users with patches for 28 vulnerabilities that could lead to information leaks, the disclosure of process memory, denial-of-service, sandbox escape, modification of protected system files, heap corruption, and access to restricted files.

The tech giant points to similar outcomes and resolutions for 59 security defects that were resolved with the macOS Sequoia 15.1 update that started rolling out on Monday. The patches address 15 issues that were also addressed in iOS and several flaws in third-party dependencies.

Additionally, Apple released macOS Sonoma 14.7.1 and macOS Ventura 13.7.1 with fixes for over 40 defects each, and announced the rollout of watchOS, tvOS, and visionOS security updates as well.

See more: https://www.securityweek.com/apple-patches-over-70-vulnerabilities-across-ios-macos-other-products/

#cybersecurity #apple #ios

Free, France’s second largest ISP, confirms data breach after ...

2024-10-29T08:41:08Z

Free, France’s second largest ISP, confirms data breach after leak

Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information.

The company, which says it had over 22.9 million mobile and fixed subscribers at the end of June, is the second-largest telecommunications company in France and a subsidiary of the Iliad Group, Europe's sixth-largest mobile operator by number of subscribers.

Free has since filed a criminal complaint with the public prosecutor and notified the French National Commission for Information Technology and Civil Liberties (CNIL) and the National Agency for the Security of Information Systems (ANSSI) of the incident.

See more: https://www.bleepingcomputer.com/news/security/free-frances-second-largest-isp-confirms-data-breach-after-leak/

#cybersecurity #security #privacy

Google Invests in Alternative Neutral Atom Quantum Technology ...

2024-10-29T08:38:45Z

Google Invests in Alternative Neutral Atom Quantum Technology

Google has privately invested in a firm developing a very different and potentially rival quantum computer technology.

Google, a major figure in quantum computer development using superconducting technology to produce quantum bits (qubits), has invested a multi-million dollar sum into a firm developing an entirely different quantum technology: neutral atoms.

In mid-October 2024 – five years after Google announced it had achieved ‘quantum supremacy’ in 2019 – it invested in the quantum hardware firm QuEra Computing. This was a private investment in a private firm that was founded in 2018. The investment is outside of venture funding, and there are no disclosed details.

See more: https://www.securityweek.com/google-invests-in-alternative-neutral-atom-quantum-technology/

#technology #cybersecurity #google #quantumcomputing

Hard-Coded Credentials Vulnerability Found In Kubernetes Image ...

2024-10-29T08:28:28Z

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

A critical vulnerability just received a fix with the latest Kubernetes Image Builder release. The vulnerability existed due to hard-coded credentials allowing unauthorized access to an adversary

According to its latest advisory, two security issues received patches with the latest Kubernetes Image Builder. One of these, identified as CVE-2024-9486 (CVSS score of 9.8), existed due to hard-coded credentials enabled during the image-building process. These credentials would remain enabled even with the virtual machines (VMs) built with the Proxmox provider, exposing any nodes using the images to root access from an unauthorized adversary.

In addition, the same Image Builder release also addressed another security flaw, identified as CVE-2024-9594. This medium-severity vulnerability (CVSS 6.3) is the same issue explained above; however, the severity is less for images built with Nutanix, OVA, QEMU, or raw providers. Hence, it’s identified separately and explained here on GitHub.

Users must ensure updating to the Kubernetes Image Builder version 0.1.38 or later to receive all the patches.

See more: https://latesthackingnews.com/2024/10/28/hard-coded-credentials-vulnerability-found-in-kubernetes-image-builder/

#cybersecurity #security #kubernetes

New tool bypasses Google Chrome’s new cookie encryption system ...

2024-10-29T08:16:56Z

New tool bypasses Google Chrome’s new cookie encryption system

A researcher has released a tool to bypass Google's new App-Bound encryption cookie-theft defenses and extract saved credentials from the Chrome web browser.

The tool, named 'Chrome-App-Bound-Encryption-Decryption,' was released by cybersecurity researcher Alexander Hagenah after he noticed that others were already figuring out similar bypasses.

Although the tool achieves what multiple infostealer operations have already added to their malware, its public availability raises the risk for Chrome users who continue to store sensitive data in their browsers.
https://www.bleepingcomputer.com/news/security/new-tool-bypasses-google-chromes-new-cookie-encryption-system/

#cybersecurity #security #privacy

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies ...

2024-10-29T08:11:56Z

Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services

A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout.

"The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies," ESET security researcher Anh Ho said. "Through a plugin, CloudScout works seamlessly with MgBot, Evasive Panda's signature malware framework."

The use of the .NET-based malware tool, per the Slovak cybersecurity company, was detected between May 2022 and February 2023. It incorporates 10 different modules, written in C#, out of which three are meant for stealing data from Google Drive, Gmail, and Outlook. The purpose of the remaining modules remains unknown.

See more: https://thehackernews.com/2024/10/chinese-hackers-use-cloudscout-toolset.html

#cybersecurity #security

US says Chinese hackers breached multiple telecom providers The ...

2024-10-29T08:08:17Z

US says Chinese hackers breached multiple telecom providers

The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States.

The breached entities have been warned, and the agencies are proactively alerting other potential targets of the elevated cyber activity.

"The U.S. Government is investigating the unauthorized access to commercial telecommunications infrastructure by actors affiliated with the People's Republic of China," reads the announcement.

See more: https://www.bleepingcomputer.com/news/security/us-says-chinese-hackers-breached-multiple-telecom-providers/

#cybersecurity #security

Researchers Uncover OS Downgrade Vulnerability Targeting ...

2024-10-29T08:03:19Z

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

A new attack technique could be used to bypass Microsoft's Driver Signature Enforcement (DSE) on fully patched Windows systems, leading to operating system (OS) downgrade attacks.

"This bypass allows loading unsigned kernel drivers, enabling attackers to deploy custom rootkits that can neutralize security controls, hide processes and network activity, maintain stealth, and much more," SafeBreach researcher Alon Leviev said in a report shared with The Hacker News.

The latest findings build on an earlier analysis that uncovered two privilege escalation flaws in the Windows update process (CVE-2024-21302 and CVE-2024-38202) that could be weaponized to rollback an up-to-date Windows software to an older version containing unpatched security vulnerabilities.

See more:
TheHackerNews: https://thehackernews.com/2024/10/researchers-uncover-os-downgrade.html

SecurityWeek:
https://www.securityweek.com/more-details-shared-on-windows-downgrade-attacks-after-microsoft-rolls-out-mitigations/

#cybersecurity #security

Nostr event nevent1qqspdpq4tvcnhhrck5gqyjme3960mpunfavnxy5nwq86cxrmtkysyqczyqt06fhsqp20vc23c67hjf0daaq4scgr4uvag30e8an0tcjtx3p85lwyhr8

2024-10-28T19:39:22Z

Happy Birthday Zcash! On this day, 28th October 2016, 8 years ago was generated the genesis block of the Zcash blockchain.

Zcash was the first real-world application of zero-knowledge proofs, a novel method by which one party (the prover) can prove to another (the verifier) that a statement is true, without revealing any information beyond the validity of the statement itself.

#zcash #zk #privacy

Several Linux Kernel Driver Maintainers Removed Due To Their ...

2024-10-25T11:10:57Z

Several Linux Kernel Driver Maintainers Removed Due To Their Association To Russia.

It was described as due to "compliance requirements" but vague in what those requirements entailed. Linus Torvalds then commented on the Russian Linux maintainers being de-listed and made it clear that they were done due to government compliance requirements / legal issues around Russia. Now today some additional light has been shed on those new Linux kernel "compliance requirements".

Longtime Linux developer and EXT4 file-system maintainer Ted Ts'o has also provided some clarity on a separate Linux kernel mailing list thread. In response to a suggested patch removing Huawei from the MAINTAINERS file given their known relations with the Chinese government there was more discussion about possible future removals.

See original news:
https://www.phoronix.com/news/Russian-Linux-Maintainers-Drop

See Torvalds statement:
https://www.phoronix.com/news/Linus-Torvalds-Russian-Devs

See Compliance Requirements update:
https://www.phoronix.com/news/Linux-Compliance-Requirements

See the original commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e90b675cf94

#linux #cybersecurity

QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3 The third ...

2024-10-25T08:58:51Z

QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3

The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875.

Pwn2Own, a global hacking competition, challenges top security researchers to exploit a range of software and hardware devices, with the ultimate goal of earning the prestigious "Master of Pwn" title and claiming up to $1 million in rewards.

On Day 1, participants uncovered 52 zero-day vulnerabilities, and on Day 2, another 51 zero-days were added.

Yesterday, the competition saw impressive performances from teams representing Viettel Cyber Security, DEVCORE, and PHP Hooligans/Midnight Blue, among others.

See more: https://www.bleepingcomputer.com/news/security/qnap-synology-lexmark-devices-hacked-on-pwn2own-day-3/

#cybersecurity #security

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for ...

2024-10-25T08:54:05Z

Irish Watchdog Imposes Record €310 Million Fine on LinkedIn for GDPR Violations

The Irish data protection watchdog on Thursday fined LinkedIn €310 million ($335 million) for violating the privacy of its users by conducting behavioral analyses of personal data for targeted advertising.

"The inquiry examined LinkedIn's processing of personal data for the purposes of behavioral analysis and targeted advertising of users who have created LinkedIn profiles (members)," the Data Protection Commission (DPC) said. "The decision [...] concerns the lawfulness, fairness and transparency of this processing."

See more: https://thehackernews.com/2024/10/irish-watchdog-imposes-record-310.html

#cybersecurity #security #privacy

Insurance admin Landmark says data breach impacts 800,000 people ...

2024-10-25T08:49:52Z

Insurance admin Landmark says data breach impacts 800,000 people

Insurance administrative services company Landmark Admin warns that a data breach impacts over 800,000 people from a May cyberattack

Due to the sensitive nature of the stolen data, impacted people should monitor their credit reports and bank accounts for suspicious activity.

See more: https://www.bleepingcomputer.com/news/security/insurance-admin-landmark-says-data-breach-impacts-800-000-people/

#cybersecurity #security #privacy

UnitedHealth says data of 100 million stolen in Change Healthcare ...

2024-10-25T08:46:50Z

UnitedHealth says data of 100 million stolen in Change Healthcare breach

UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years.

This data breach was caused by a February ransomware attack on UnitedHealth subsidiary Change Healthcare, which led to widespread outages in the U.S. healthcare system.

During the attack, the threat actors stole 6 TB of data and ultimately encrypted computers on the network, causing the company to shut down IT systems to prevent the spread of the attack.

See more: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/

#cybersecurity #security #privacy

Cisco fixes VPN DoS flaw discovered in password spray attacks ...

2024-10-25T08:38:49Z

Cisco fixes VPN DoS flaw discovered in password spray attacks

Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April.

The flaw is tracked as CVE-2024-20481 and impacts all versions of Cisco ASA and Cisco FTD up until the latest versions of the software.

"A vulnerability in the Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the RAVPN service," reads the CVE-2024-20481 security advisory.

See more: https://www.bleepingcomputer.com/news/security/cisco-fixes-vpn-dos-flaw-discovered-in-password-spray-attacks/

#cybersecurity #security

IBM Boosts Guardium Platform to Address Shadow AI, Quantum ...

2024-10-23T21:21:11Z

IBM Boosts Guardium Platform to Address Shadow AI, Quantum Cryptography

IBM is updating and upgrading its Guardium platform to provide security for the two primary new technology problems: AI models and quantum safety.

IBM Guardium AI Security and IBM Guardium Quantum Safe combine to form the newly launched IBM Guardium Data Security Center, which operates across the entire enterprise hybrid infrastructure

See more: https://www.securityweek.com/ibm-boosts-guardium-platform-to-address-shadow-ai-quantum-cryptography/

#cybersecurity

CISA Warns of Active Exploitation of Microsoft SharePoint ...

2024-10-23T21:16:06Z

CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)

A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation.

The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result in remote code execution.

"An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," Microsoft said in an alert for the flaw.

See more: https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html

#cybersecurity #security

Cisco takes DevHub portal offline after hacker publishes stolen ...

2024-10-19T11:45:52Z

Cisco takes DevHub portal offline after hacker publishes stolen data

Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached.

This statement comes after a threat actor known as IntelBroker claimed to have breached Cisco and attempted to sell data and source code stolen from the company.

Screenshots and files, provided to BleepingComputer, showed that the threat actor had access to most, if not all, of the data stored on this portal. This data included source code, configuration files with database credentials, technical documentation, and SQL files.

See more: https://www.bleepingcomputer.com/news/security/cisco-takes-devhub-portal-offline-after-hacker-publishes-stolen-data/

#cybersecurity #security

Free TornadoCash or Samurai wallet devs! #nevent1q…f3k7

2024-10-15T18:57:56Z

Free TornadoCash or Samurai wallet devs!

quoting
nevent1q…f3k7
TD Bank's plea is an interesting read for anyone who believes that justice has been served in the US banking industry.

If its “historic fine” tells us anything, it's that that crime pays when you're a banker.

Full story:
https://www.therage.co/untitled-2/

GitHub Patches Critical Vulnerability in Enterprise Server Code ...

2024-10-15T18:40:48Z

GitHub Patches Critical Vulnerability in Enterprise Server

Code hosting platform GitHub has released patches for a critical-severity vulnerability in GitHub Enterprise Server that could lead to unauthorized access to affected instances.

Tracked as CVE-2024-9487 (CVSS score of 9.5), the bug was introduced in May 2024 as part of the remediations released for CVE-2024-4985, a critical authentication bypass defect allowing attackers to forge SAML responses and gain administrative access to the Enterprise Server.

The vulnerability was resolved in GitHub Enterprise Server versions 3.11.16, 3.12.10, 3.13.5, and 3.14.2, which also address a medium-severity information disclosure bug that could be exploited through malicious SVG files.

See more: https://www.securityweek.com/github-patches-critical-vulnerability-in-enterprise-server/

#cybersecurity #security

New FIDO proposal lets you securely move passkeys across ...

2024-10-15T18:33:45Z

New FIDO proposal lets you securely move passkeys across platforms

The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers.

Passkeys are a method of authentication without a password that leverages public-key cryptography to authenticate users without requiring them to remember or manage long strings of characters.

The new specification that FIDO proposes essentially addresses the lack of widely accepted secure standards for credential transfer, eliminating the complications or practical limitations when switching between providers.

The drafts were developed with the contribution of specialists from FIDO associate members and stakeholders like Dashlane, Bitwarden, 1Password, NordPass, and Google.

See more: https://www.bleepingcomputer.com/news/security/new-fido-proposal-lets-you-securely-move-passkeys-across-platforms/

#cybersecurity #security

Microsoft deprecates PPTP and L2TP VPN protocols in Windows ...

2024-10-15T06:13:25Z

Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server

Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security.

PPTP is vulnerable to offline brute force attacks of captured authentication hashes, and L2TP provides no encryption unless coupled with another protocol, like IPsec. However, if L2TP/IPsec is not configured correctly, it can introduce weaknesses that make it susceptible to attacks.

"The move is part of Microsoft's strategy to enhance security and performance by transitioning users to more robust protocols like Secure Socket Tunneling Protocol (SSTP) and Internet Key Exchange version 2 (IKEv2)," Microsoft announced in a post this week.

See more:
https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server/

#cybersecurity #privacy #security

Google warns uBlock Origin and other extensions may be disabled ...

2024-10-15T06:01:18Z

Google warns uBlock Origin and other extensions may be disabled soon

The warning includes a link to a Google support bulletin that states the browser extension may be disabled to protect users' privacy and security.

"To better protect your privacy and security, Chrome and the Chrome Web Store require extensions to be up-to-date with new requirements," reads Google's support bulletin.

"uBO is a Manifest v2 extension, hence the warning in your Google Chrome browser. There is no Manifest v3 version of uBO, hence the browser will suggest alternative extensions as a replacement for uBO,"

See more: https://www.bleepingcomputer.com/news/google/google-warns-ublock-origin-and-other-extensions-may-be-disabled-soon/

#security #cybersecurity #privacy

Cisco investigates breach after stolen data for sale on hacking ...

2024-10-15T05:56:46Z

Cisco investigates breach after stolen data for sale on hacking forum

"Compromised data: Github projects, Gitlab Projects, SonarQube projects, Source code, hard coded credentials, Certificates, Customer SRCs, Cisco Confidential Documents, Jira tickets, API tokens, AWS Private buckets, Cisco Technology SRCs, Docker Builds, Azure Storage buckets, Private & Public keys, SSL Certificates, Cisco Premium Products & More!," reads the post to a hacking forum.

IntelBroker also shared samples of the alleged stolen data, including a database, customer information, various customer documentation, and screenshots of customer management portals.

However, the threat actor did not provide further details about how the data was obtained.

See more: https://www.bleepingcomputer.com/news/security/cisco-investigates-breach-after-stolen-data-for-sale-on-hacking-forum/

#security #cybersecurity #privacy

Recent Firefox Zero-Day Exploited Against Tor Browser Users ...

2024-10-15T05:53:54Z

Recent Firefox Zero-Day Exploited Against Tor Browser Users

Patches for CVE-2024-9680, which were included in Firefox version 131.0.2 and Firefox ESR versions 128.3.1 and 115.16.1, are rolling out in Tor browser version 13.5.7.

The Tor Project noted that Mozilla is aware of attacks exploiting CVE-2024-9680 against Tor Browser users.

“Using this vulnerability, an attacker could take control of Tor browser, but probably not deanonymize you in Tails,” Tor’s maintainers explained.

See more: https://www.securityweek.com/recent-firefox-zero-day-exploited-against-tor-browser-users/

#security #cybersecurity #privacy

Chinese Scientists Report Using Quantum Computer to Hack ...

2024-10-13T21:07:43Z

Chinese Scientists Report Using Quantum Computer to Hack Military-grade Encryption

Looks like marketing for D-Wave crap, but you never know. What if 🤷‍♂️

See more:
https://thequantuminsider.com/2024/10/11/chinese-scientists-report-using-quantum-computer-to-hack-military-grade-encryption/

#privacy #security

If you want to track the latest news about cyber security and ...

2024-10-12T12:13:33Z

If you want to track the latest news about cyber security and privacy, check the zCat!

zCat is an Android app, which lets you create your own news feed.

It also tracks ZCash, privacy focused cryptocurrency based on ZK 😎

https://play.google.com/store/apps/details?id=crypto.crab.app.zcat

#zcash #privacy #security

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge ...

2024-10-12T12:07:54Z

Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems

Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands.

The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck.

"A vulnerability in the Nortek Linear eMerge E3 allows remote unauthenticated attackers to cause the device to execute arbitrary command," SSD Disclosure said in an advisory for the flaw released late last month, stating the vendor has yet to provide a fix or a workaround.

See more: https://thehackernews.com/2024/10/experts-warn-of-critical-unpatched.html

#security #hacking